GLSA-200701-24 : VLC media player: Format string vulnerability
Medium Nessus Plugin ID 24309
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200701-24 (VLC media player: Format string vulnerability)
Kevin Finisterre has discovered that when handling media locations, various functions throughout VLC media player make improper use of format strings.
An attacker could entice a user to open a specially crafted media location or M3U file with VLC media player, and execute arbitrary code on the system with the rights of the user running VLC media player.
There is no known workaround at this time.
SolutionAll VLC media player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-video/vlc-0.8.6-r1'